OpenVPN Client does not use "interface" configured. Connection always established through default gateway.
Tested with 2.3, 2.3.1 and 2.3.2
Test scenario: configure multiple WANs, use WAN1 as default gateway, configure OpenVPN client interface WAN2, go to states and check target IP address. Connection will be made through default gateway WAN1.
Workaround: Configure static routes for the openvpn client (completely kills any HA scenario)
Our main purpose is to use a GatewayGroup as the interface for the OpenVPN connection so we have redundancy on the connection when a WAN fails. Still, if the OpenVPN client always uses the default gateway, this will never work.
#1 Updated by Jim Pingle about 3 years ago
- Status changed from New to Not a Bug
- Priority changed from Very High to Normal
- Affected Version deleted (
The state table is fibbing to you a little bit in that case. pf is sending the traffic out the correct WAN, but the interface-bound states show it hitting the interface it originally tried to use. Check the IP address seen by the remote node, and run a packet capture, and you'll find the traffic is actually using the correct WAN, even if the state says otherwise.
I just tested and confirmed this again. We should probably add an FAQ about it, given that it is confusing/unintuitive.